Headline
CVE-2023-4389: fs: btrfs: fix possible use-after-free bug in error handling code of btrfs_get_root_ref()
A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.
Message ID
[email protected] (mailing list archive)
State
New, archived
Headers
show
Series
fs: btrfs: fix possible use-after-free bug in error handling code of btrfs_get_root_ref() | expand
Commit Message****Comments
Patch
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index b30309f187cf…126f244cdf88 100644 — a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1850,9 +1850,10 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info,
ret = btrfs\_insert\_fs\_root(fs\_info, root);
if (ret) {
- btrfs_put_root(root); - if (ret == -EEXIST)
if (ret == -EEXIST) {
btrfs\_put\_root(root); goto again;
} return root;} goto fail;